Router firewall help

Discussion in 'other firewalls' started by Dalesman, Mar 24, 2008.

Thread Status:
Not open for further replies.
  1. Dalesman

    Dalesman Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    1
    Hi, as a newbie silver-haired surfer new to the world of routers I would appreciate any help from members regarding a firewall issue. I have recently received a Siemens Gigaset 587 router from Tiscali UK; this is hard-wired to my one and only desktop PC running Win XP protected by Online Armor firewall. On checking its stealth at Shields Up I was concerned to discover the common port check showed only two stealthed ports, the rest being only closed and not stealthed, as was the case with the Thomson SpeedTouch 330 modem.
    The All Service Ports check showed some closed but most were indeed stealthed, as opposed to all with the SpeedTouch modem. On re-running the check as suggested, it would seem that the firewall did in fact learn and I got a passed result for both port tests. This was fine until I re-tested on another occasion, when I got the previous fail results once again.
    I have also tested it using both Zone Alarm and Comodo firewalls, each one of course after uninstalling the other firewall, and once again I got a fail result. I also got similar results on the Hackerwatch site. However, if I then disable the inbuilt Siemens firewall and re-test using only my Online Armor firewall, I then get all ports showing stealth; however, I do get a ping result showing on the common port check.
    I would appreciate any help or reassurance members can give me regarding this issue and hopefully put my mind at rest that it is OK to disable the Siemens router and let my Online Armor firewall take care of things.
    I should add my only reason for using the Siemens router since my migration to Tiscali from Virgin is that the Thomson 330 now seems to hang on boot-up, and as a result I get the "no dial tone" error message, and from time to time also "my user name and password are not registered at this domain".
    On running Dr. SpeedTouch this also indicates my user name and password are incorrect, when in fact they are correct, as after a short delay I do get online. As only the inbuilt modem is shown in Phone and Modems, and not the Thomson modem, I am therefore unable to locate the "wait for dial tone" box in order to correct this issue. Finally, my apologies for this somewhat long-winded and not very technical posting, as it gets harder as you get older :)
     
  2. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,658
    Location:
    Sydney, Australia
    Hi Dalesman,

    Chances are the ShieldsUP! test is testing your router, not your firewall.

    Mike
     
  3. Dieselman

    Dieselman Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    795
    You need to fully stealth your router.
     
  4. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    2,068
    Location:
    Serbia
    Why do you say so? Is this your personal view? Hasn't this "stealth" hype been brought down to earth already?

    It is OK. I (personally) would certainly do so, as I prefer to use a firewall of my choice instead of the one imposed on a router. I know many here will disagree, but atm I can't think of a single reason why.
    Regarding OA, I would first check with MikeNash what kind of SPI is in OA now. If proper TCP SPI (instead of a state table) is implemented, I would by all means use that instead of the router's firewall.
     
  5. Dieselman

    Dieselman Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    795
    Brought down to Earth? I set my hardware firewall up to be fully stealthed and to block echo pings, so I can pass the Shields Up test without the need for any software firewall. A hardware firewall should be your first line of defense.
     
  6. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,220
    Location:
    USA
    There may be an option in your router configuration to "disable response to ping". You may also want to consider turning off UPnP. See what options are available in the router settings.
     
  7. wat0114

    wat0114 Guest

    Hi Dalesman,

    closed status on firewall ports is perfectly fine. Psychologically, stealth can "feel" better, but it is not at all necessary. Responding to pings (echo reply) is no big deal either.
     
  8. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    2,068
    Location:
    Serbia
    I understand this, but I would be very curious as to why you do this. Is it improving your defenses somehow? If yes, how exactly? Or could it simply be that the "test-passing" frenzy (the "green lights" syndrome) befell you?

    IMO common sense (including knowledge; common sense in itself is not enough) is your first line of defense. Firewalls are only as good as the persons behind them. As for their placement, it does not matter if an inbound filter is on a router's hardware or on the PC's. afaik, a hardware firewall is software as well, and as I see it one I did not ask for. No thank you, I will "roll" my own.

    There is a general problem with Steve Gibson's site and many other online or offline tests (leak tests, for instance) for that matter. It can scare the living daylights out of (or give a false sense of security to) a user who does not fully understand what is being tested, how, and what the purpose of a specific test is. All those red "FAILED!!!" stamps and the hype about being "invisible" on the net are bull. "If you don't get green lights, you are doomed". Tell me about it... :rolleyes:

    A proper test should be deprived of any comments (passed/failed) and serve just as an objective reference. A user should make his own conclusions. If he cannot, then the test is not for him, and some reading/learning should precede reruns of the test.
    I understand that many do not have enough knowledge to interpret tests properly, but as I see it, the quick answers, the green-red concepts, the "one button" solutions, call them what you like, are actually counterproductive to security. They do not encourage learning, and there is no security without it. No software, no matter which test it passes, can make up for that.
     
  9. FadeAway

    FadeAway Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    270
    Location:
    USA
    From what I have learned over the years, the only advantage of a software firewall contained in a circuit box that is remote from the PC (known as a "hardware firewall") is that it is more difficult for malware located on the PC to attack the firewall directly. On the other hand, a good inbound firewall residing on a user's PC is generally more easily configured to local needs than a "hardware" firewall, in my limited experience.

    In either case, if the filtering software is inherently well designed, both will do an equally effective job, if properly configured.
     
  10. wat0114

    wat0114 Guest

    The other advantage to a router for inbound traffic is that it handles and processes all the Internet "noise" (port scans, ARP requests and other crap) that a software firewall would otherwise have to handle. If logging is enabled on the software firewall - as it most often is and should be - when not sitting behind a router, it can consume tremendous resources, taxing the computer in the process. A router handles all this crap, taking the load off the PC. Obviously, in this situation the software fw is useful for outbound filtering only.

    Here is some evidence of Internet noise that my router handles. This is only ARP traffic.
     
    Last edited by a moderator: Mar 24, 2008
  11. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Not with UPnP enabled.
     
  12. FadeAway

    FadeAway Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    270
    Location:
    USA
    Note my use of the phrase "...if properly configured"
    UPnP is disabled on my router.:D :D
     
  13. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    And that's the problem with routers being promoted as "plug and forget" security devices. Most routers have lousy default settings and aren't properly configured (Wi-Fi options, default password, UPnP, remote access, etc.).
    "Autopilot" security doesn't (and probably won't) exist.
     
  14. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    24,107
    Location:
    UK
    Dalesman,

    Just to let you know that I am also with Tiscali and have the SpeedTouch 301.0.0.12 modem. I have had no problems using Online Armor (for a year now) and being fully protected.

    Hope this helps.
     
  15. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    If you've kept up with your Windows Update since Dec 2001, which would include the UPnP security patch, UPnP isn't anything to lose sleep over.
     
  16. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    Somebody's got to learn sometime; I had to learn that NAT [network address translation] is only for inbound protection. Your NAT does nothing against outbound connections; it's something like Windows Firewall.

    Gibson declares everything stealthed if you're behind a NAT router, and that is the purpose of NAT anyway [completely protecting your network] or making it invisible.
    If you're concerned about outbound, then a good HIPS or software firewall with inbuilt HIPS [OA] is a choice.
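The three points the thread circles around (a NAT router silently drops unsolicited inbound packets, which is what a "stealth" result reflects; it never filters outbound connections; and a UPnP port mapping opens a path through it) can be seen in a small connection-tracking model. The code below is an added illustration, not anything from the thread or from the Siemens Gigaset firmware: the class and method names (NatRouter, outbound, inbound, add_port_mapping) are hypothetical, the addresses come from the documentation ranges, and it models a symmetric NAT that checks the remote endpoint on replies, which real consumer routers do not all do.

```python
"""Toy model of a home NAT router's connection tracking (constructed example).

Shows why a probe to a NAT router gets no reply ("stealth"), why the same box
does nothing about connections the PC opens, and what a UPnP mapping changes.
Names and addresses are hypothetical; 192.0.2.0/24, 198.51.100.0/24 and
203.0.113.0/24 are the RFC 5737 documentation ranges.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

Endpoint = Tuple[str, int]


@dataclass(frozen=True)
class Packet:
    """One IP packet, reduced to the fields a NAT box looks at."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass
class NatRouter:
    wan_ip: str
    # WAN port -> (LAN endpoint, remote endpoint) for flows the LAN side opened
    state: Dict[int, Tuple[Endpoint, Endpoint]] = field(default_factory=dict)
    # WAN port -> LAN endpoint for static forwards (what a UPnP request creates)
    port_maps: Dict[int, Endpoint] = field(default_factory=dict)
    dropped: List[Packet] = field(default_factory=list)
    _next_port: int = 40000

    def outbound(self, pkt: Packet) -> Packet:
        """LAN -> Internet: rewrite the source and record state. Nothing is ever refused."""
        lan, remote = (pkt.src_ip, pkt.src_port), (pkt.dst_ip, pkt.dst_port)
        for wan_port, (l, r) in self.state.items():
            if l == lan and r == remote:          # existing flow, reuse its mapping
                break
        else:
            wan_port = self._next_port            # new flow, allocate a WAN port
            self._next_port += 1
            self.state[wan_port] = (lan, remote)
        return Packet(self.wan_ip, wan_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Internet -> LAN: forwarded only if it matches state or a static mapping.

        Anything else is dropped without a reply, which is all "stealth" means.
        """
        entry = self.state.get(pkt.dst_port)
        if entry is not None:
            lan, remote = entry
            if remote == (pkt.src_ip, pkt.src_port):   # a reply to a flow the PC opened
                return Packet(pkt.src_ip, pkt.src_port, lan[0], lan[1])
        lan_ep = self.port_maps.get(pkt.dst_port)
        if lan_ep is not None:                          # static forward (e.g. UPnP)
            return Packet(pkt.src_ip, pkt.src_port, lan_ep[0], lan_ep[1])
        self.dropped.append(pkt)
        return None

    def add_port_mapping(self, wan_port: int, lan_ip: str, lan_port: int) -> None:
        """What a LAN program achieves through UPnP: expose a LAN port on the WAN side."""
        self.port_maps[wan_port] = (lan_ip, lan_port)


def demo() -> dict:
    """Run the scenarios from the thread and return the outcomes."""
    router = NatRouter(wan_ip="198.51.100.7")
    pc = "192.168.1.10"
    results = {}
    # 1. PC browses to a web server: translated and forwarded.
    results["web"] = router.outbound(Packet(pc, 51000, "192.0.2.80", 80))
    # 2. The server's reply matches the state entry and reaches the PC.
    results["reply"] = router.inbound(Packet("192.0.2.80", 80, router.wan_ip, 40000))
    # 3. Internet "noise" probing port 445: no state, no mapping, silently dropped.
    results["noise"] = router.inbound(Packet("203.0.113.9", 4444, router.wan_ip, 445))
    # 4. A packet to the live WAN port from a different host: wrong remote, dropped.
    results["spoofed"] = router.inbound(Packet("203.0.113.9", 80, router.wan_ip, 40000))
    # 5. Any program on the PC can connect out; NAT has no say (Huupi's point).
    results["outbound_from_pc"] = router.outbound(Packet(pc, 51001, "203.0.113.5", 6667))
    # 6. After a UPnP mapping, the same unsolicited traffic is forwarded (lucas1985's point).
    router.add_port_mapping(3389, pc, 3389)
    results["after_upnp"] = router.inbound(Packet("203.0.113.9", 5555, router.wan_ip, 3389))
    results["dropped_count"] = len(router.dropped)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:17} {value if value is not None else 'dropped (no reply)'}")
```

The model makes the thread's disagreement concrete: scenarios 3 and 4 are the router absorbing noise with no reply, scenario 5 is the outbound traffic a router-only setup never inspects, and scenario 6 is why a UPnP-enabled router no longer matches the "everything is stealthed" assumption.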
     